Reads textual TCP/IP packet descriptors from an ASCII tcpdump output file,
then creates packets resembling those descriptors and pushes them out the
output. Optionally stops the driver when there are no more packets.
The file may be compressed with gzip(1) or bzip2(1); FromTcpdump will
run zcat(1) or bzcat(1) to uncompress it.
FromTcpdump reads from the file named FILENAME unless FILENAME is a
single dash `-', in which case it reads from the standard input. It will
not uncompress the standard input, however.
FromTcpdump doesn't parse many of the relevant parts of the file. It handles
fragments badly, for example. Mostly it just does TCP and some rudimentary
UDP.
Keyword arguments are:

STOP

Boolean. If true, then FromTcpdump will ask the router to stop when it
is done reading. Default is false.

ACTIVE

Boolean. If false, then FromTcpdump will not emit packets (until the
`active' handler is written). Default is true.

ZERO

Boolean. Determines the contents of packet data not set by the dump. If true
(the default), this data is zero. If false, it is random garbage.

CHECKSUM

Boolean. If true, then output packets' IP, TCP, and UDP checksums are set. If
false (the default), the checksum fields contain random garbage.

SAMPLE

Unsigned real number between 0 and 1. FromTcpdump will output each
packet with probability SAMPLE. Default is 1. FromTcpdump uses
fixed-point arithmetic, so the actual sampling probability may differ
substantially from the requested sampling probability. Use the
sampling_prob handler to find out the actual probability. If MULTIPACKET is
true, then the sampling probability applies separately to the multiple packets
generated per record.
Only available in user-level processes.

FromTcpdump is a notifier signal, active when the element is active and
the dump contains more packets.
tcpdump's binary output is generally much better than the output of
FromTcpdump. Unfortunately, some people just throw it away.